RainMachine setup process is broken (for 'correctly' set-up IoT networks)
To whom it may concern,
$ cat /etc/hosts | grep machines | wc -l
28
This is the number of IoT devices, from leak alarms, vacuums, lamps and washing machines to RainMachine, in our Home WiFi. From a security perspective there is no reason to expect that any one of these devices is secure or remains so over an [extended] period of time. In order to minimize damage and mitigate any lateral movement when one of the devices eventually gets hacked, I am enforcing strict client separation on the air interface and in the wireline network. One result of this is that one device on WiFi cannot access another, which completely breaks your setup process using the iPhone App (e.g. it works to the point where I enter the WiFi password, after which seemingly both RM and phone connect to Home WiFi and your app tries to locate RM).
I realize today this is not your typical home WiFi setup. But I guarantee that this is the direction everything will eventually move. This is also part of the reason why most sane devices/companies support setting up their devices in a way that does NOT require access to the device within the LAN; instead, during initial setup, the device (such as RainMachine) is configured with enough details to access WiFi and your remote server (e.g. in the iPhone app, set up rainmaster to connect to WiFi, save some random ID, connect to WiFi, access myrainmachine.com, connect randomID to the newly created account, and complete the config via myrainmachine.com).
Now - it's great (and part of the reason I went with RM) that you promise operation / setup without network access. Keep that as a backup, but please, please, please with sugar on top, allow configuring the device or remote access without the need for a mobile app to communicate with RainMachine in the Home LAN.
Thanks
-
Nico
Our 12 and 16 zone units have a touch display so you can do this without an app.
Unfortunately the Mini 8 has a small screen and isn't able to connect to WiFi by itself and needs the help of the app.
One option you have would be to disable "Isolation" long enough to get the device connected and then re-enable isolation.
At this point you will need to use Remote Access to connect to your device since it will be undiscoverable on the LAN afterwards.
We do hear your input and it's greatly valued.
-
On Mini-8 the setup can be done using a browser, if you can connect to its IP address. The process is not quite user friendly but it's described here: https://support.rainmachine.com/hc/en-us/articles/115002108388-How-to-perform-initial-setup-of-RainMachine-Mini-8-from-a-laptop
We understand your proposed solution, but RainMachine is not really an IoT device; the "Remote access" feature is more like a proxy that will forward API calls between RainMachine and another remote client.
What you propose could be easily solved if RainMachine came with "Remote access" enabled by default, which would automatically connect to our servers when WiFi is configured. It was decided when we did the product that we would only connect to our remote servers if users enable this feature themselves, and not automatically.
What would probably work would be to add a button "Remotely scan for RainMachine" when no devices are detected locally.
-
FWIW: Nico's model is what I originally attempted for all consumer type devices. I have actually found that many devices just don't work without some sort of broadcast/multicast allowed. I finally just gave up and ended up putting all untrusted consumer devices on a single network segment.